By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,853 Members | 974 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,853 IT Pros & Developers. It's quick & easy.

PHP Obfuscator?

P: n/a
Does anyone know of a good, reliable PHP obfuscator, preferably one that
doesn't cost an arm and a leg? I tried Mike's gzen encoder, however I had
problems with included files. (e.g. I have a file vars.inc.php that includes
sql_connect.inc.php, in which a connection to mysql is made, and then in the
top-level files I do mysql_query($query, $MySQL_Link) [$MySQL_Link is the
connection made in sql_connect.inc.php], and I get an error about 'invalid
link resource' after using the gzen obfuscator...)

I've tried about a dozen that I found on google (yes, i tried pobs, but the
resultant code had syntax errors, and god knows I'm not going to dig through
*that* to find syntax errors!), so now I'm turning to others for help ^-^

I'd like not to have to buy the Zend encoder... ack...

Thanks in advance.
Jul 17 '05 #1
Share this Question
Share on Google+
19 Replies


P: n/a
OK, you will be happy to know (at least I am) that I found the problem with
the encoder series, I will be making adjustments to them in the next few
days, This also solves the problem with encoder so.

--
Mike Bradley
http://gzen.myhq.info -- free online php tools
Jul 17 '05 #2

P: n/a
"Agelmar" <if**********@comcast.net> wrote in message
news:bs************@ID-30799.news.uni-berlin.de...
Does anyone know of a good, reliable PHP obfuscator, preferably one that
doesn't cost an arm and a leg? I tried Mike's gzen encoder, however I had
problems with included files. (e.g. I have a file vars.inc.php that includes sql_connect.inc.php, in which a connection to mysql is made, and then in the top-level files I do mysql_query($query, $MySQL_Link) [$MySQL_Link is the
connection made in sql_connect.inc.php], and I get an error about 'invalid
link resource' after using the gzen obfuscator...)

I've tried about a dozen that I found on google (yes, i tried pobs, but the resultant code had syntax errors, and god knows I'm not going to dig through *that* to find syntax errors!), so now I'm turning to others for help ^-^

I'd like not to have to buy the Zend encoder... ack...

Thanks in advance.


Funny you should mention that, I was working on the binary decoder tonight,
and ran across the problem of include files, then it hit me, does the gZen
encoder have the same problems, yep it does, so I am going to try and solve
those first before I do the binary decoder.

--
Mike Bradley
http://gzen.myhq.info -- free online php tools
Jul 17 '05 #3

P: n/a
http://turck-mmcache.sourceforge.net/

Can encode files and generally do that which Zend Encoder does.

It can also load it's "loader library" at run time using the dl() command.

Jamie.

"Agelmar" <if**********@comcast.net> wrote in message
news:bs************@ID-30799.news.uni-berlin.de...
Does anyone know of a good, reliable PHP obfuscator, preferably one that
doesn't cost an arm and a leg? I tried Mike's gzen encoder, however I had
problems with included files. (e.g. I have a file vars.inc.php that includes sql_connect.inc.php, in which a connection to mysql is made, and then in the top-level files I do mysql_query($query, $MySQL_Link) [$MySQL_Link is the
connection made in sql_connect.inc.php], and I get an error about 'invalid
link resource' after using the gzen obfuscator...)

I've tried about a dozen that I found on google (yes, i tried pobs, but the resultant code had syntax errors, and god knows I'm not going to dig through *that* to find syntax errors!), so now I'm turning to others for help ^-^

I'd like not to have to buy the Zend encoder... ack...

Thanks in advance.

Jul 17 '05 #4

P: n/a
On Wed, 31 Dec 2003 02:38:32 -0500, "Agelmar"
<if**********@comcast.net> wrote:
Does anyone know of a good, reliable PHP obfuscator, preferably one that
doesn't cost an arm and a leg?


have you already tried POBS?

http://pobs.mywalhalla.net/

Regards

Marian
--
Internet-Dienstleistungen - von der Webseite bis zum Online-Shop
http://www.heddesheimer.de mailto:ma****@heddesheimer.de
Jul 17 '05 #5

P: n/a
de******************@spamgourmet.com idiotically stated:
On Wed, 31 Dec 2003 02:38:32 -0500, "Agelmar"
<if**********@comcast.net> wrote:
Does anyone know of a good, reliable PHP obfuscator, preferably one
that doesn't cost an arm and a leg?


have you already tried POBS?

http://pobs.mywalhalla.net/


Can you read?

--
brian ... brian@cc
www.brianculler.com
Jul 17 '05 #6

P: n/a
Jamie Burns wrote:
http://turck-mmcache.sourceforge.net/

Can encode files and generally do that which Zend Encoder does.

It can also load it's "loader library" at run time using the dl()
command.

Jamie.


Thanks, but the client is using a shared server with PHP running as CGI in
safe mode, hence that's a no go :(
Jul 17 '05 #7

P: n/a
"Agelmar" <if**********@comcast.net> wrote in message
news:bs************@ID-30799.news.uni-berlin.de...
Does anyone know of a good, reliable PHP obfuscator, preferably one that
doesn't cost an arm and a leg? I tried Mike's gzen encoder, however I had
problems with included files. (e.g. I have a file vars.inc.php that includes sql_connect.inc.php, in which a connection to mysql is made, and then in the top-level files I do mysql_query($query, $MySQL_Link) [$MySQL_Link is the
connection made in sql_connect.inc.php], and I get an error about 'invalid
link resource' after using the gzen obfuscator...)

Hello, its me again,

I rewrote my encoder, it should work, if not, well I tried, sorry. But I
will keep on working on it, it is turning into a pet project. :)

So far just the gZen Encoder is using the new core, and it spits back a zip
file, so no more copy & paste.

--
Mike Bradley
http://gzen.myhq.info -- free online php tools


Jul 17 '05 #8

P: n/a
CountScubula wrote:
"Agelmar" <if**********@comcast.net> wrote in message
news:bs************@ID-30799.news.uni-berlin.de...
Does anyone know of a good, reliable PHP obfuscator, preferably one
that doesn't cost an arm and a leg? I tried Mike's gzen encoder,
however I had problems with included files. (e.g. I have a file
vars.inc.php that includes sql_connect.inc.php, in which a
connection to mysql is made, and then in the top-level files I do
mysql_query($query, $MySQL_Link) [$MySQL_Link is the connection made
in sql_connect.inc.php], and I get an error about 'invalid link
resource' after using the gzen obfuscator...)

Hello, its me again,

I rewrote my encoder, it should work, if not, well I tried, sorry.
But I will keep on working on it, it is turning into a pet project. :)

So far just the gZen Encoder is using the new core, and it spits back
a zip file, so no more copy & paste.


I will give it a try and let you know how it works :-)
Jul 17 '05 #9

P: n/a
Agelmar wrote:
<snip>
Hello, its me again,

I rewrote my encoder, it should work, if not, well I tried, sorry.
But I will keep on working on it, it is turning into a pet project.
:)

So far just the gZen Encoder is using the new core, and it spits back
a zip file, so no more copy & paste.


I will give it a try and let you know how it works :-)


Wow... I'm most impressed. I encoded one page, vars.inc.php, and
sql_connect.inc.php, and it all still works. Even pages which are not
encoded can still include the encoded vars.inc.php and not have a problem.
Nice going.

- Ian
Jul 17 '05 #10

P: n/a
On Thu, 1 Jan 2004 10:23:25 -0500, "Agelmar"
<if**********@comcast.net> brought forth from the murky depths:
Agelmar wrote:
<snip>
Hello, its me again,

I rewrote my encoder, it should work, if not, well I tried, sorry.
But I will keep on working on it, it is turning into a pet project.
:)

So far just the gZen Encoder is using the new core, and it spits back
a zip file, so no more copy & paste.


I will give it a try and let you know how it works :-)


Wow... I'm most impressed. I encoded one page, vars.inc.php, and
sql_connect.inc.php, and it all still works. Even pages which are not
encoded can still include the encoded vars.inc.php and not have a problem.
Nice going.


What is the reason behind obfuscation/encoding? Is it to protect
your code from potential login/password viewing on a shared
server, or to somewhat copyright your code, or what?
----------------------------------------------------------
Please return Stewardess to her original upright position.
--------------------------------------
http://www.diversify.com Tagline-based T-shirts!
Jul 17 '05 #11

P: n/a

"Agelmar" <if**********@comcast.net> wrote in message
news:bt************@ID-30799.news.uni-berlin.de...
Agelmar wrote:
<snip>
Hello, its me again,

I rewrote my encoder, it should work, if not, well I tried, sorry.
But I will keep on working on it, it is turning into a pet project.
:)

So far just the gZen Encoder is using the new core, and it spits back
a zip file, so no more copy & paste.


I will give it a try and let you know how it works :-)


Wow... I'm most impressed. I encoded one page, vars.inc.php, and
sql_connect.inc.php, and it all still works. Even pages which are not
encoded can still include the encoded vars.inc.php and not have a problem.
Nice going.

- Ian


Having fun replying to yourself? ;-)
You forgot to change your user name/nick.
Jul 17 '05 #12

P: n/a
<> wrote:
"Agelmar" <if**********@comcast.net> wrote in message
news:bt************@ID-30799.news.uni-berlin.de...
Agelmar wrote:
<snip>
Hello, its me again,

I rewrote my encoder, it should work, if not, well I tried, sorry.
But I will keep on working on it, it is turning into a pet project.
:)

So far just the gZen Encoder is using the new core, and it spits
back a zip file, so no more copy & paste.

I will give it a try and let you know how it works :-)


Wow... I'm most impressed. I encoded one page, vars.inc.php, and
sql_connect.inc.php, and it all still works. Even pages which are not
encoded can still include the encoded vars.inc.php and not have a
problem. Nice going.

- Ian


Having fun replying to yourself? ;-)
You forgot to change your user name/nick.


Not trying to appear as two different people. On this group I always post as
"Agelmar" and sign as "Ian" or "Ian Fette", simply because on all the other
groups I follow I post as "Agelmar", and I'm too darned lazy to change it
all the time back and forth :P
Jul 17 '05 #13

P: n/a
Larry Jaques wrote:
On Thu, 1 Jan 2004 10:23:25 -0500, "Agelmar"
<if**********@comcast.net> brought forth from the murky depths:
Agelmar wrote:
<snip>
Hello, its me again,

I rewrote my encoder, it should work, if not, well I tried, sorry.
But I will keep on working on it, it is turning into a pet project.
:)

So far just the gZen Encoder is using the new core, and it spits
back a zip file, so no more copy & paste.

I will give it a try and let you know how it works :-)


Wow... I'm most impressed. I encoded one page, vars.inc.php, and
sql_connect.inc.php, and it all still works. Even pages which are not
encoded can still include the encoded vars.inc.php and not have a
problem. Nice going.


What is the reason behind obfuscation/encoding? Is it to protect
your code from potential login/password viewing on a shared
server, or to somewhat copyright your code, or what?


Not really either. I mean with Mike's (CountScubula) encoder, all it does is
do a base64 decode, gzuncompress, and then eval it, so it's not that hard to
spit the original source code back out of an encoded file. (I did it in one
line of code.) Rather, it's to prevent someone who *thinks* they know PHP
because the code "looks easy enough" from changing anything. The vast
majority of my clients should *not* be changing anything in my code, because
they do not know what they are doing. They could do something as simple as
shove in a return in one of the files, and cause holy hell with the headers
I need to send, etc. If they see something that came out of an obfuscator,
it looks scary as hell, and they are much less likely to touch anything (and
if they do touch anything, they know enough to de-obfsucate it, and I'm less
worried about them screwing anything up.)

That's the main reason...
Jul 17 '05 #14

P: n/a
> > What is the reason behind obfuscation/encoding? Is it to protect
your code from potential login/password viewing on a shared
server, or to somewhat copyright your code, or what?

Not really either. I mean with Mike's (CountScubula) encoder, all it does

is do a base64 decode, gzuncompress, and then eval it, so it's not that hard to spit the original source code back out of an encoded file. (I did it in one line of code.) Rather, it's to prevent someone who *thinks* they know PHP
because the code "looks easy enough" from changing anything. The vast
majority of my clients should *not* be changing anything in my code, because they do not know what they are doing. They could do something as simple as
shove in a return in one of the files, and cause holy hell with the headers I need to send, etc. If they see something that came out of an obfuscator,
it looks scary as hell, and they are much less likely to touch anything (and if they do touch anything, they know enough to de-obfsucate it, and I'm less worried about them screwing anything up.)

That's the main reason...


Hey, that is a great explanation, may I quote you on my site?

--
Mike Bradley
http://gzen.myhq.info -- free online php tools


Jul 17 '05 #15

P: n/a
"Agelmar" <if**********@comcast.net> wrote in message
news:bt************@ID-30799.news.uni-berlin.de...
.....
.....
I will give it a try and let you know how it works :-)


Wow... I'm most impressed. I encoded one page, vars.inc.php, and
sql_connect.inc.php, and it all still works. Even pages which are not
encoded can still include the encoded vars.inc.php and not have a problem.
Nice going.

- Ian

Thank you,

Did you notice the new decoder stub?
$d = eval(gzuncompress(base64_decode("eJxT......0Q==")) );

I wrapped the decoder in the decoder.

I am still working on the function map, this way if someone does decode it,
it will still be a pain in the ****, however it needs to work with files
that are no encoded, got the concept down, having trouble in the second pass
of the code.

You are right in your other post, this is to fend off the PIP's, (Php Insta
Programmer) [ok, i made that up]
--
Mike Bradley
http://gzen.myhq.info -- free online php tools
Jul 17 '05 #16

P: n/a
> Agelmar wrote:
Wow... I'm most impressed. I encoded one page, vars.inc.php, and
sql_connect.inc.php, and it all still works. Even pages which are not
encoded can still include the encoded vars.inc.php and not have a problem.
Nice going.

- Ian


Ok, I got to point 2.1,

weill it sounds like you got an involved script, would you mind trying v2.1?
I added function Obfuscator/Mapping, and strip comments/white spaces

Well, I am going to my friends office, I am going to help him desing a
network tonight, its a simple
realestate office with 3 branch stores. I will be back later tonight.

--
Mike Bradley
http://gzen.myhq.info -- free online php tools
Jul 17 '05 #17

P: n/a
On Thu, 1 Jan 2004 12:22:32 -0500, "Agelmar"
<if**********@comcast.net> brought forth from the murky depths:
Larry Jaques wrote:
What is the reason behind obfuscation/encoding?
-snip-I need to send, etc. If they see something that came out of an obfuscator,
it looks scary as hell, and they are much less likely to touch anything (and
if they do touch anything, they know enough to de-obfsucate it, and I'm less
worried about them screwing anything up.)
OK. ;)

That's the main reason...


Ah, that reminds me about all the GIs who got computers in the early
80's. I fixed so MANY autoexec.bat and config.sys files which they
had modified with WordPerfect that it wasn't funny. MS DOS, Word
Perfect, and the US military sent lots of business to me in those
early years. <g>

You may be throwing away money. (Just remember to always use YOUR
copy of the file when you do mods or you'll be troubleshooting
their problems as well as your own.) DAMHIKT
---
After they make styrofoam, what do they ship it in? --Steven Wright
http://diversify.com Comprehensive Website Development
Jul 17 '05 #18

P: n/a
"Agelmar" <if**********@comcast.net> wrote in message
news:bs************@ID-30799.news.uni-berlin.de...
Does anyone know of a good, reliable PHP obfuscator, preferably one that
doesn't cost an arm and a leg? I tried Mike's gzen encoder, however I had
problems with included files. (e.g. I have a file vars.inc.php that includes sql_connect.inc.php, in which a connection to mysql is made, and then in the top-level files I do mysql_query($query, $MySQL_Link) [$MySQL_Link is the
connection made in sql_connect.inc.php], and I get an error about 'invalid
link resource' after using the gzen obfuscator...)

I've tried about a dozen that I found on google (yes, i tried pobs, but the resultant code had syntax errors, and god knows I'm not going to dig through *that* to find syntax errors!), so now I'm turning to others for help ^-^

I'd like not to have to buy the Zend encoder... ack...

Thanks in advance.


Ok we are at 2.2, in case anyone cares. most stuf fixed and looks cooler

Also, can you define an arm and a leg? Is this like a tall mans arm/leg, or
a short mans arm/leg.
I was thinking of making a version of the tools available on CD with a
windows GUI to them, but was thinking about $19.95- $24.95 (after I get a
few more tools online) is that too much?

--
Mike Bradley
http://gzen.myhq.info -- free online php tools
Jul 17 '05 #19

P: n/a
"CountScubula" <me@scantek.hotmail.com> wrote in message news:<FJ*****************@newssvr27.news.prodigy.c om>...
"Agelmar" <if**********@comcast.net> wrote in message
news:bs************@ID-30799.news.uni-berlin.de...
Does anyone know of a good, reliable PHP obfuscator, preferably one that
doesn't cost an arm and a leg? I tried Mike's gzen encoder, ...and I get an error I've tried about a dozen that I found on google
(yes, i tried pobs, but the resultant code had syntax errors,
and god knows I'm not going to dig through *that* ...


Check out http://www.semanticdesigns.com/Produ...bfuscator.html.

It obfuscates more that POBS, but doesn't product syntax errors.
It is based on a full PHP parser, so it understands the syntax
up front.

I don't know if it qualifies as costing an arm or a leg;
that seems to be a pretty personal judgement.
Given the energy you've spent on trying lots of these,
perhaps optimizing on cheap isn't what you need.

-- IDB
Jul 17 '05 #20

This discussion thread is closed

Replies have been disabled for this discussion.